<?php
$perms =& $AppUI->acl();
$canEdit = $perms->checkModuleItem('quotations', 'edit');
if (!$canEdit) {
	$AppUI->setMsg( 'Access denied', UI_MSG_ERROR, true );
	$AppUI->redirect();
}
?>
<?php
require_once('quotation_files.class.php');
// create a new instance of the quotation file class
$obj = new CQuotation_files();
$msg = '';	// reset the message string

// Get login object
$uid = $AppUI->user_id;
// detect if a delete operation has to be processed
$del = dPgetParam($_POST, 'del', 0);

// detect if a cancel operation has to be processed
$cancel = dPgetParam($_POST, 'cancel', 0);

//print_r($_POST['quote_id']);exit;
$file_id = dPgetParam($_POST, 'qfile_id', $_GET['qfile_id']);

// doAction
if($cancel){
	$AppUI->redirect();
}
else{
	if (!defined('DP_BASE_DIR')) {
		echo 'You should not access this file directly.';
		exit();
	}
	$root = DP_BASE_DIR.'/files/quotations';
	$cmd = dPgetParam($_POST, 'cmd', $_GET['cmd']);

	if($cmd=='get'){
		getfile($uid, $file_id);
	}
	else if($cmd=='put' or $cmd=='update'){
		$data = putfile('file_upload');
		if(is_array($data)){
			foreach($data as $key => $value){
				$_POST[$key] = $value;
			}
			if($cmd=='update'){
				// Delete file old
				$obj->load($file_id);
				$row = $obj;
				delfile($row->qfile_path);
			}
		}

		$isNotNew = intval($_POST['qfile_id']) > 0;
		// Check update successful
		if(!$obj->bind($_POST)){
		 	$AppUI->setMsg($obj->getError(), UI_MSG_ERROR);
		}
		else{
			$msg = $obj->store();
			$AppUI->setMsg( $isNotNew ? 'updated' : 'added', UI_MSG_OK, true );
		}
		$AppUI->redirect();
	}
	else if($cmd=='delete'){
		// Get file path from file id
		$obj->load($file_id);
		$row = $obj;
		delfile($row->qfile_path);

		if (!$obj->canDelete($msg)) {
		// $AppUI->setMsg( $msg, UI_MSG_ERROR );
		}
		if ($msg = $obj->deleteById($file_id)){
			$AppUI->setMsg( $msg, UI_MSG_ERROR );			// message with error flag
		}else{
			$AppUI->setMsg( "File deleted", UI_MSG_ALERT);		// message with success flag
		}
		$AppUI->redirect();
	}
}
?>
<?
function getfile($uid, $id){
	global $AppUI, $root;
	$obj = new CQuotation_files();

	// Get file path from file id
	$obj->load($id);
	$row = $obj;
	$file = $root.'/'.$row->qfile_path;

	if ($row->qfile_type == '')
		$row->qfile_type = 'application/octet-stream';

	header( 'MIME-Version: 1.0' );
	header( 'Pragma: public' );
	header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0');
	header( 'Content-length: ' . $row->qfile_size);
	header( 'Content-type: ' . $row->qfile_type);
	header( 'Content-transfer-encoding: 8bit');
	header( 'Content-disposition: attachment; filename="' . $row->qfile_name . '"' );

	$fd = fopen($file, 'rb');
	if ($fd) {
		while ( !feof($fd) ) {
			print fread($fd, 8192);
		}
		fclose($fd);
	}
}

function putfile($name){
	global $AppUI, $root;

	// Check file upload exist
	if($_FILES[$name]['error'] == 0){
		$upload = $_FILES[$name];
		$path = $root.'/';
		$file_real_filename = md5($path . $upload['name'] . date('Y-m-d H:i:s'));
		$file = $path . $file_real_filename;
		move_uploaded_file($upload['tmp_name'], $file);

		$fields = array(
			'qfile_path' => $file_real_filename,
			//'qfile_name' => $upload['name'],
			'qfile_size' => $upload['size'],
			'qfile_type' => $upload['type'],
			'qfile_date' => date('Y-m-d H:i:s', filectime($file)),
		);
		return $fields;
	}
	return null;
}

function delfile($file_name){
	global $AppUI, $root;
	if(is_file($root.'/'.$file_name)){
		unlink($root.'/'.$file_name);
	}
}
?>
